ADVANCED SERVER VIRTUALIZATION: VMware and Microsoft Platforms in the Virtual Data Center (part 7)


The current power state of the virtual machine, whether it is powered on, off, or suspended.

The virtual machine ID (VMID) and the process ID (PID). This number is useful when trying to locate the virtual machine in the running processes of the host server (either in the Windows Task Manager or the Linux Process Status).

The number of virtual processors configured for the virtual machine.

The average, minimum, and maximum percentage of the GSX Server host processor that the virtual machine used in the previous minute.

The average, minimum, and maximum percentage of the GSX Server host memory that the virtual machine used in the previous minute.

The up time or how long the virtual machine has been powered on and running.

The status of VMware Tools on the virtual machine - whether it is running or not available.

The average number of heartbeats received by a virtual machine.

The IP address of the virtual machine.

Links to modify the virtual machine's hardware and configuration file.

The guest operating system installed inside of the virtual machine. This information is gathered from the virtual machine's configuration file.

The amount of memory allocated to the virtual machine.

The path to the virtual machine's configuration file (.vmx).

The Hardware Tab

Clicking on the Hardware tab (see Figure 20.20) lists the virtual hardware for the selected virtual machine. The virtual hardware is broken out into two categories: Removable Devices and Other Hardware. Removable devices include such virtual hardware as the floppy drive, DVD/CD-ROM drive, and the network adapter. Other hardware may include such components as the virtual processor and memory, and the virtual disk. This page allows the virtual hardware for the selected virtual machine to be configured by either adding new devices, removing existing devices, or editing existing devices. Figure 20.21 provides a list of additional devices that may be added to a virtual machine.

Figure 20.20 Virtual Machine Overview—Hardware.

Figure 20.21 Add Hardware Device Types.

When configuring the virtual hardware, different options or choices may be available based on the current power state of the virtual machine or the type of component being configured. For example, when configuring a removable device such as a floppy drive or a DVD/CD-ROM drive, if the virtual machine is powered off, then the device's connection status can be toggled on and off. Otherwise, the option is grayed out. Likewise, while a virtual machine is powered on, other options such as adding a new device, removing a device, or editing a device may become grayed out as well. When a virtual machine is powered off, the virtual device may also be modified to change the way it functions. For example, the virtual network adapter allows its network connection to be changed from Bridged to NAT or its virtual device to be modified from vlance to vmxnet. Additionally, a virtual disk may have its disk mode configuration changed from Persistent to Nonpersistent. Network adapter connection types and virtual disk modes are covered in detail in chapter 22. It is safe to say, however, that most virtual hardware can only be configured while the virtual machine is powered off.

The Options Tab

The Options page (see Figure 20.22) allows for review and modification of basic information about the selected virtual machine. It also offers direct access to the selected virtual machine's configuration file. These configuration options include the following:

Display Name—descriptive name used to identify the virtual machine in the management interface or the console virtual machine listing. As a best practice, the display name should be an informative name to provide some level of detail about the virtual machine, such as its operating system, department, or functional role. The display name can be changed while the virtual machine is either powered on or off.

Guest Operating System—indicates the guest operating system selected during the creation of the virtual machine. While it should match the guest operating system that is installed on the virtual disk, it does not have to match for the virtual machine to power on and function. Therefore, do not assume that what is populated here is in fact the operating system that is installed.

Suspend File Location—specifies the location of the suspended state file. By default, the suspended state file is stored in the directory where the virtual machine's configuration file resides. Suspend files can become very large, so it is recommended that the suspend file be stored on a physical disk with enough space to accommodate it.

Enable Logging—indicates whether logging for the virtual machine is enabled. Logging of a virtual machine may accumulate large amounts of data that in turn may take away precious disk space from a host server, which is one reason to disable logging. However, if a virtual machine crashes or VMware support is needed to troubleshoot a problem with the virtual machine, these log files may be required to diagnose the problem.

Run with Debugging Information—indicates whether the virtual machine is running with debugging information. By default, this option is disabled. Enabling this setting will affect the performance of the virtual machine; however, if the virtual machine is exhibiting problems, enabling this feature may help troubleshoot the issue.

Startup and Shutdown Options—indicates whether the virtual machine should start when the host server starts or shut down when the host server is shut down. The virtual machines can also be set to stagger starting up or shutting down so that multiple virtual machines do not all start or stop at the same time, which could cause a performance problem for the host server or the virtual machines on that host server.

Verbose Options—allows the virtual machine's configuration file to be modified directly. VMware recommends that only an experienced and advanced user modify the file directly. Modifying the configuration file with an incorrect setting can cause the virtual machine to no longer boot.

Figure 20.22 Virtual Machine Overview—Options.

Users and Events Tab

The Users and Events page (see Figure 20.23) contains information that relates to the virtual machine such as currently connected users, permissions of the current user, and events that have taken place in relation to the virtual machine.

Figure 20.23 Virtual Machine Overview—Users and Events.

Virtual Machine Console Connections—identifies a list of users that are connected to the virtual machine either with a console connection or by using a VMware Scripting API. The list provides the date and time stamp along with the IP address of the user connected to the virtual machine. This feature provides important information when trying to determine security issues related to access of a virtual machine.

Permissions—indicates what abilities the currently logged in user has on the virtual machine. The following options are either allowed or denied:

1. View virtual machine status
2. Modify virtual machine configuration
3. Control virtual machine (powering it on, off, or suspending it)

Events—displays a log of the 15 most recent actions or events recorded for the virtual machine. The log shows date and time stamps for the event along with an explanation. Information can include a power state change on the virtual machine (powered on, off, or suspended), errors produced, or GSX Server question and answer information. The event log retrieves its data from the log file for the virtual machine's configuration file. By default, this log file is stored in the virtual machine's directory. On a Windows host, the default directory is <installdrive>:\Virtual Machines\<guestOS>. On a Linux host, the default directory is /var/lib/vmware/Virtual Machines/<guestOS>. Many of these events are also tracked on a Windows host server in the Windows Event Viewer under the Application log using VMware GSX Server as the source and Virtual machines as the category.

Security

In the past, the computer industry has been focused on security, primarily being concerned with defending against external threats. Perimeters were created to help ward off these threats by introducing various tools such as antivirus software, firewalls and intrusion detection and prevention systems. However, as the human factor (namely end users) grew within the industry, security problems were faced on two fronts: servers still needed protection from external threats more than ever, but now they also needed protection against threats from within. Add virtualization into the server mix and security concerns become that much more exacerbated. Why? With the addition of the GSX Server environment into the physical environment, both the guest operating system and the host operating system must deal with security concerns and issues.

In order to properly secure a host and guest operating system in a GSX Server environment, it is important to undergo proper planning when creating virtual machines. In other words, it is important to fully understand the role and function of all virtual machines that are created. For example, a virtual machine or group of virtual machines created to test an application may be configured in an isolated network environment. This configuration may not cause as much security alarm as a virtual machine that is created to act as the production network domain controller. Additionally, a virtual machine acting as a Web server may raise even more alarm since it is being directly accessed by unknown users from the Internet. This section will outline the various methods to help deal with the security concerns and issues brought about with the introduction of virtualization.

Securing the Host Server

This section describes a number of methods to properly secure the GSX Server host. Keep in mind, the GSX Server host is still a physical server. Any normal best practices used to secure other physical servers in the environment should also be followed, unless they negatively impact something required for VMware GSX Server to operate properly.

Antivirus Software

A Windows host operating system exposed to the outside world needs to have virus protection installed. It is important to monitor the performance of the host server, to make sure that real-time virus scanning does not interfere with the virtualization processes or the virtual machines. If the performance impact is too high, it might make sense to change the real-time virus scanning to only scan modified files. It is also important to disable scanning of any of the following by using an exclusion rule: the installation path of GSX Server and any virtualization files such as virtual disk files, suspend files, configuration files, floppy images and ISO images.

Prevent Virtual Machines from Running in Full Screen Mode

On a Linux host server, the vmware-remotemks binary (the program that allows the VMware Virtual Machine Console to connect to a GSX Server host remotely) runs as root with the setuid bit set. This allows a virtual machine to enter full screen mode. To disable the setuid bit and keep the program from running as root, switch to the root user and change to the directory where vmware-remotemks was installed. The default location is /usr/bin. Type the following command at a terminal:

chmod -s vmware-remotemks

Doing so will increase host security, but the down side to disabling the setuid bit is that virtual machines on the host server will no longer be able to enter full screen mode.

Network Segmentation

Depending on the role of the virtual machines, it may be a good idea to segment the physical servers from the virtual machines by creating multiple networks at the physical switch. If the virtual machines are being created for some purpose other than production environment resources, segmenting the two networks (physical and virtual) will help to secure the production environment from loosely controlled virtual machines that may not be up to production security standards.

Securing IIS for GSX Server for Windows Hosts

GSX Server for Windows uses Microsoft's Internet Information Server (IIS) to host the VMware Management Interface. In order to maintain security, commonly used best practices to secure IIS should be followed. In addition to these best practices, the following suggestions can also be used to help secure the environment.

Do not host other Web sites on the GSX Server host machine. Web sites should be hosted on nonvirtualization-based physical servers or within virtual machines.

With the exception of the VMware Management Interface Web site, all other Web, FTP and SMTP services listed in the IIS Manager should be removed.

IP address restrictions can be used to limit access to the management interface.

1. In IIS Manager, in the Web Sites directory, right click the management interface Web site and then select Properties.
2. Click the Directory Security tab.
3. Click Edit in the IP address and domain name restrictions section.
4. Click either Granted access or Denied access. When selecting Denied access, access to all computers and domains is denied. When selecting Granted access, access to all computers and domains is granted, except to those specifically denied access.
5. Click Add and then select either Single computer or Group of computers.
6. Enter either the IP address or the Network ID and Subnet mask and then click OK.

Increase the VMware Management Interface application protection option from Low (IIS Process) to High (Isolated). This setting helps reduce the risk of compromise by any unforeseen vulnerability within the management scripts.

1. In IIS Manager, in the Web Sites directory, right click the management interface Web site and then select Properties.
2. Click the Home Directory tab.
3. Set the value for Application Protection to High.
4. Click OK to confirm the settings change.
5. Stop and start the IIS service to allow the change to take effect.

The configured IIS file extensions used by the VMware Management Interface scripts do not perform a check to see if the script file exists before attempting to execute it. There could be a security risk allowing a remote user to invoke the script interpreter without needing to pass it a legitimate file that exists. To circumvent this potential security problem, the Check that file exists option should be enabled in the file extension mappings for .pl and .xvm.

1. In IIS Manager, in the Web Sites directory, right click the management interface Web site and then select Properties.
2. Click the Home Directory tab and then click Configuration.
3. Under Application Extensions, select .pl and then click Edit. Select the Check that file exists option and then click OK.
4. Under Application Extensions, select .xvm and then click Edit. Select the Check that file exists option and then click OK.
5. Click OK to confirm the settings changes.
6. Stop and start the IIS service to allow the change to take effect.

Securing Connections with SSL

By default, GSX Server 3 has SSL enabled for secure connections using both the VMware Virtual Machine Console and the VMware Management Interface. Using SSL for the console and the management interface connection keeps the network traffic secure by encrypting the username, password and network packets sent to the GSX Server host. With SSL enabled, GSX Server creates its own security certificates and stores them on the host server. Unfortunately, these certificates are not signed by a trusted certificate authority, and therefore do not provide authentication. If encryption is needed across remote connections externally, a certificate from a trusted certificate authority should be purchased. To use a purchased security certificate, use the information below.

On a Windows host, run the Microsoft Management Console (MMC) and select the purchased certificate. If the VMware Management Interface is ever upgraded, the certificate will need to be reassigned to the management interface.

On a Linux host, copy the purchased certificate for the VMware Management Interface to /etc/vmware-mui/ssl. The management interface certificate consists of two files: the certificate is the mui.crt file and the private key is the mui.key file. The private key file should be assigned permissions so that only the root user can read it. If the management interface is upgraded or removed on a Linux host, the certificate and directory remain in place.

Restricting Virtual Machine and Virtual Disk Creation

Any user with access to the GSX Server host, by default, has the ability to create a virtual machine or a virtual disk file on the host server. While many users may be allowed to access the host server, as a security precaution for the host server and all running virtual machines, the number of users allowed to create virtual machines or disk files should be limited. Without any controls in place, a user may accidentally consume too much disk space on the host server or add an unpatched virtual machine that could cause security problems for the other virtual machines or physical machines on the same network. To restrict the ability to create a virtual machine or virtual disk on the host server, the following steps should be performed:

1. On the GSX Server host, create a file and assign it a name (referred to as <name> going forward).

2. Assign write permissions to <name>, only to the users and/or groups that are allowed to create a virtual machine or virtual disk on that host server.

3. Use a text editor to modify the GSX Server configuration file. If the host server is a Windows server, the file is C:\Documents and Settings\All Users\Application Data\VMware\VMware GSX Server\config.ini. If the host server is a Linux server, the file is /etc/vmware/config.

4. The following lines should be added to the configuration file:

Serverd.doCreateCheck = "TRUE"

Serverd.createCheckFile = "<name>"

Where <name> is the name of the file created in Step 1.

5. Save the file and then close and exit the text editor.

6. On a Windows host, restart the VMware Registration Service by opening the Services console, right click the service and select Restart. On a Linux host, restart the vmware-serverd process with the following command:

kill -TERM `pidof vmware-serverd`

If the vmware-serverd process does not restart automatically, reboot the GSX Server host.

Now, only users or members of the group with write access to the <name> file can create virtual machines or virtual disk files on the host server. If a change is made to the user or group list in the file permissions of <name>, then Step 6 will need to be executed again to update the GSX Server host with the permission changes.
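Steps 1 through 5 carried out on a Linux host, as an added example that is not part of the original text. The function names, the check-file path and the choice of a single group with mode 0660 are assumptions; the restart in Step 6 is still done by hand.

```python
import os
import re
import shutil

# The two settings named in Step 4.
KEYS = ("Serverd.doCreateCheck", "Serverd.createCheckFile")
_KEY_RE = re.compile(r"\s*(%s)\s*=" % "|".join(re.escape(k) for k in KEYS),
                     re.IGNORECASE)


def enable_create_check(config_path, check_file, gid):
    """Create the check file, restrict write access to its owner and the
    group `gid`, and reference it from the GSX Server configuration file.
    Returns the two configuration lines that were written."""
    # Step 1: create the check file if it does not exist yet.
    fd = os.open(check_file, os.O_WRONLY | os.O_CREAT, 0o660)
    os.close(fd)
    # Step 2: owner and one group may write, everyone else gets nothing.
    os.chown(check_file, -1, gid)
    os.chmod(check_file, 0o660)

    # Steps 3 and 4: drop earlier copies of the two settings, then append
    # them, so running the function twice does not duplicate lines.
    with open(config_path, encoding="utf-8") as fh:
        kept = [ln for ln in fh.read().splitlines() if not _KEY_RE.match(ln)]
    added = ['Serverd.doCreateCheck = "TRUE"',
             'Serverd.createCheckFile = "%s"' % check_file]

    # Step 5: write a new file and rename it over the old one, so an
    # interrupted write cannot leave a truncated configuration behind.
    tmp = config_path + ".new"
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.write("\n".join(kept + added) + "\n")
    shutil.copymode(config_path, tmp)
    os.replace(tmp, config_path)
    return added


def create_check_status(config_path):
    """Report whether the check is enabled and how the check file is protected."""
    settings = {}
    with open(config_path, encoding="utf-8") as fh:
        for line in fh:
            m = re.match(r'\s*([\w.]+)\s*=\s*"?(.*?)"?\s*$', line)
            if m:
                settings[m.group(1).lower()] = m.group(2)
    check_file = settings.get("serverd.createcheckfile")
    status = {
        "enabled": settings.get("serverd.docreatecheck", "").upper() == "TRUE",
        "check_file": check_file,
        "mode": None,
        "world_writable": None,
    }
    if check_file and os.path.exists(check_file):
        mode = os.stat(check_file).st_mode & 0o777
        status["mode"] = oct(mode)
        # A world-writable check file lets every account create VMs again.
        status["world_writable"] = bool(mode & 0o002)
    return status


if __name__ == "__main__":
    # Hypothetical check-file path and group ID; run as root on the host.
    print(enable_create_check("/etc/vmware/config",
                              "/etc/vmware/vm-create-check", 1001))
    print(create_check_status("/etc/vmware/config"))
```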

Disabling Guest Operating System Logging

Virtual machines can log troubleshooting data into a log file stored on the host server's disk drive. These log files are not secured. Any user or process in the virtual machine can maliciously use this logging process to cause large amounts of data to be logged. The data may eventually grow large enough to fill up the host server's hard disk, thereby leading to a denial of service. To secure the host, this logging feature can be disabled on the host server by adding the following line to each virtual machine's configuration file:

isolation.tools.log.disable = TRUE

If you disable this logging feature, VMware Support may not be able to provide any help troubleshooting problems that might arise. Logging may need to be re-enabled and the problem may then need to be reproduced. Keep in mind, this option only disables logging from the guest operating system and does not disable logging generated by GSX Server.

Changing the Console Port Number

By default, the VMware Virtual Machine Console connects to the GSX Server host and its virtual machines on port 902. If this port is already used for another application, deemed a security risk because it is a default port, or if the port number needs to be different per host because different groups of users are accessing different host servers, then the port number should be changed on the host and the remote console accessing it.

Changing the Port Number on a Windows Host or Client

In order to change the port number on a GSX Server for Windows host server, the following line must be added to the config.ini file located in C:\Documents and Settings\All Users\Application Data\VMware\VMware GSX Server:

authd.port = <NewPort>

Where <NewPort> is the modified port number that all consoles need to use to properly connect to the GSX Server host or its virtual machines.

In order to change the port number used by the console, whether on the Windows host server or client, a config.ini file must be created and placed in C:\Documents and Settings\All Users\Application Data\VMware\VMware Virtual Machine Console. The following line should be added to the file:

authd.client.port = <NewPort>

Where <NewPort> is the modified port number that all consoles need to use to properly connect to the GSX Server host or its virtual machines. The authd port on the GSX Server host must have this same port number assigned.

To assign the port number to a specific user that is using the console installed locally on the Windows host server, add the following line to the preferences.ini file located in C:\Documents and Settings\<user name>\Application Data\VMware:

authd.client.port = <NewPort>

Where <NewPort> is the modified port number that only this specified user account will use to properly connect to the GSX Server host or its virtual machines. The authd.port on the GSX Server host must have this same port number assigned in the config.ini file.

Changing the Port Number on a Linux Host or Client

In order to change the port number on a GSX Server for Linux host server, the first step is to determine whether the host server is configured to use xinetd or inetd. If the host server is using xinetd, the following line located in /etc/xinetd/vmware-authd must be changed:

port = 902

Change the port number to the new port number that all consoles need to use to properly connect to the GSX Server host or its virtual machines.

If the host server is using inetd, the following line located in /etc/inetd.conf must be changed:

902 … vmware-authd

Change the port number to the new port number that all consoles need to use to properly connect to the GSX Server host or its virtual machines.

In order to change the port number used by the console, whether on the Linux host server or client, the following line should be added to either /etc/vmware-console/config or /usr/lib/vmware-console/config:

authd.client.port = <NewPort>

Where <NewPort> is the modified port number that all consoles need to use to properly connect to the GSX Server host or its virtual machines. The authd port on the GSX Server host must have this same port number assigned.

To assign the port number to a specific user that is using the console installed locally on the Linux host server, add the following line to ~/.vmware/preferences:

authd.client.port = <NewPort>

Where <NewPort> is the modified port number that only this specified user account will use to properly connect to the GSX Server host or its virtual machines. The authd.port on the GSX Server host must have this same port number assigned in its vmware-authd file. When this user is logged in, the modified port number in the preferences supersedes the port number specified in the config file.

Securing the Virtual Machine

This section describes a number of methods to properly secure the virtual machines. Keep in mind that virtual machines still function as if they were physical servers. For the most part, any best practices that are normally followed to secure physical servers should also be followed for virtual machines.

Antivirus Software

A Windows guest operating system exposed to the outside world needs to have virus protection much like a physical server. It does not matter if antivirus software is installed on the host server. A virtual machine needs its own copy of antivirus installed. Unlike a physical server, there are a few things to consider when configuring an antivirus solution in a Windows guest operating system.

Make sure you account for the extra overhead that an antivirus solution adds when creating a virtual machine configuration file. During the planning process, make sure enough disk space is available for virus definition downloads and enough memory and processor is available to run the software and the virus scanning.

If there are a number of running virtual machines on the host server, be sure to stagger the virus scanning schedule. If all of the virtual machines on the host server start their virus scans at the same time, the host server may become starved for resources.

If the antivirus software provides real-time scanning, monitor the processor utilization to make sure the process is not running higher than normal. In some cases, real-time virus scanning on the guest operating system may spike to a percentage of utilization beyond what is acceptable. If this is the case, modifying the real-time scan to only scan files that have been modified as opposed to all files should bring processor utilization back to a normal and acceptable amount.

Operating System and Application Security Patches

It is important to keep the guest operating system and all applications up to date with any security patches or service packs. Operating systems and applications installed on a virtual machine suffer from the same security concerns and problems as those faced in a physical server. If an application such as a Web server (IIS or Apache) becomes exploited, it should be patched immediately. However, if a guest operating system comes out with a new update, it is not always a good idea to quickly update the virtual machine. A new service pack in the guest operating system may cause problems for the host platform. Case in point, the Windows Server 2003 Service Pack 1 was not officially supported as a guest operating system until VMware GSX 3.2. While that does not mean that the service pack would not function correctly in the virtual machine, it does mean that it was not supported. And as such, VMware support would not be able to help troubleshoot any problems that may arise.

Network Isolation

A simple way to secure a virtual machine from the outside world is to create its configuration file without a virtual network adapter. In a workstation class virtualization environment, this option might be common. But in a server class virtualization environment, chances are the virtual machine is going to have to at least interact with other virtual machines. In this case, one possible solution is to segment the virtual machine into an isolated virtual network environment. By creating the virtual machine with a virtual network adapter configured for host-only networking, the virtual machine can remain isolated from all external networks, which in turn gives the virtual machine an added layer of security.

Marking the Virtual Machine as Private

By default, when a new virtual machine is created, it is created as private. When marked as private, only the user that created the virtual machine can see it in the inventory of the host server. Other users cannot browse to the virtual machine or add it to their inventory. Therefore, marking the virtual machine as private can add to the virtual machine's security. To mark a virtual machine as private after it has been created, complete the following steps:

1. Select the virtual machine in a console and then select VM > Settings to open the virtual machine settings editor.
2. Click the Options tab and then click Permissions.
3. To mark the virtual machine as private, activate the checkbox next to Make this virtual machine private.
4. Click OK to save the settings and close the settings editor window.

Virtual Machines and File Permissions

As explained in previous chapters, virtual machine components are simply made

up of fi les that reside on the physical host server Two common fi le types are

the confi guration fi le (.vmx) and the virtual hard disk (.vmdk), both of which

reside on a physical disk File permissions on these and other fi les or folders are

very important for security reasons Without the proper security permissions,

the virtual machines become exposed If the fi les are not secured, any one of the

following scenarios could occur:

Virtual machine fi les can be copied elsewhere with the intent of hacking

into and exploiting the guest operating system at a later date

Virtual machine fi les can be copied elsewhere with the intent of stealing

private data, software, or code

Virtual machine fi les can be accidentally or maliciously deleted causing the

virtual machine to be rendered useless

A malicious user can alter the security settings on the fi les to lock out the

real owner of the virtual machine

A user may connect to a virtual machine and alter the guest operating

system or software in an unwanted manner

Trang 14

Access to a virtual machine is based on the user permissions granted to the

virtual machine’s confi guration fi le On a Windows host server, when a user

connects to the VMware Virtual Machine Console or the VMware Management

Interface, the VMware Authorization Service requests a username and password

for authentication On a Linux host server, the VMware authentication daemon

(vmware-authd) requests a username and password and then passes them to

the Linux Pluggable Authentication Modules (PAM) for authentication

Different permissions allow for access to virtual machines in different ways. They include:

Browsing a virtual machine allows the user to connect to the virtual machine with a console; however, they can only see the virtual machine's power state. There is no interaction with the virtual machine whatsoever. To browse a virtual machine, the user needs the following permission: on a Windows host server—Read; and on a Linux host server—read (r) permission.

Interacting with a virtual machine allows the user to change the virtual machine's power state or connect and disconnect removable devices. To interact with a virtual machine, the user must have the following permissions: on a Windows host server—Read & Execute; and on a Linux host server—read and execute (r and x).

Configuring a virtual machine allows the user to add and remove virtual hardware to and from a virtual machine. To configure a virtual machine, the user must have the following permissions: on a Windows host server—Read and Write permissions for the virtual machine's configuration file as well as the virtual machine resources; and on a Linux host server—read and write (r and w).

An administrator or root user may configure the GSX Server host or any virtual machines on that host. On a Windows host server, the user must be a member of the host server's Administrators group. On a Linux host server, the user should have root access to the directories containing the virtual machine files. To have specific administration over a single virtual machine, the user should have Read & Execute and Write permissions on a Windows host server or read, write, and execute (r, w, and x) permissions on a Linux host server to the particular virtual machine.
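The Linux side of the permission list above can be reviewed mechanically. The following is an added example, not code from the book or from VMware: it maps the r/w/x bits an account effectively holds on a virtual machine's configuration file to the four access levels just described and flags accounts that can configure the virtual machine without being on an approved list. It assumes the permissions are evaluated on the .vmx file with plain owner/group/other mode bits (no ACLs); the account names, IDs and mode values are constructed.

```python
"""Map Linux permission bits on a .vmx file to the access levels in the text."""
import os
import stat


def effective_bits(mode, file_uid, file_gid, uid, gids):
    """Return (r, w, x) for one account under owner/group/other rules.

    Only the first matching class applies, so an owner with mode 0o047 is
    denied even though "other" has rwx. POSIX ACLs are not evaluated.
    """
    if uid == 0:
        # root bypasses read/write checks; execute still needs an x bit.
        return True, True, bool(mode & 0o111)
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)


def gsx_capabilities(r, w, x):
    """Translate r/w/x into the capabilities listed in the text."""
    caps = set()
    if r:
        caps.add("browse")            # read (r)
        if x:
            caps.add("interact")      # read and execute (r and x)
        if w:
            caps.add("configure")     # read and write (r and w)
        if w and x:
            caps.add("administer")    # read, write, and execute
    return caps


def audit(mode, file_uid, file_gid, accounts, may_configure):
    """accounts maps name -> (uid, [gids]).

    Returns (table, findings): the capabilities per account, and the sorted
    names that can configure the VM without being listed in may_configure.
    """
    table, findings = {}, []
    for name in sorted(accounts):
        uid, gids = accounts[name]
        caps = gsx_capabilities(
            *effective_bits(mode, file_uid, file_gid, uid, gids))
        table[name] = caps
        if "configure" in caps and name not in may_configure:
            findings.append(name)
    return table, findings


def audit_path(path, accounts, may_configure):
    """Same audit, reading mode and ownership from a real .vmx file."""
    st = os.stat(path)
    return audit(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                 accounts, may_configure)


# Constructed sample: a .vmx owned by uid 1001, group 2000, mode rwxr-xr--.
SAMPLE_MODE, SAMPLE_UID, SAMPLE_GID = 0o754, 1001, 2000
SAMPLE_ACCOUNTS = {
    "vmadmin": (1001, [2000]),    # owner of the file
    "operator": (1002, [2000]),   # member of the owning group
    "auditor": (1003, [3000]),    # falls into "other"
}

if __name__ == "__main__":
    table, findings = audit(SAMPLE_MODE, SAMPLE_UID, SAMPLE_GID,
                            SAMPLE_ACCOUNTS, may_configure={"vmadmin"})
    for name, caps in table.items():
        print(f"{name:10s} {', '.join(sorted(caps)) or 'no access'}")
    print("unexpected configure rights:", findings or "none")
```

Point audit_path at each registered .vmx file to run the same check against the real ownership and mode on the host.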

Permissions for Removable Devices for Virtual Machines

Normal users and processes within virtual machines have the ability to connect or disconnect certain devices identified in a virtual machine's configuration file. For example, a virtual machine may have a CD-ROM drive attached, yet disconnected, that points to physical media in the host server's CD-ROM drive. This CD-ROM may contain confidential data that should not be exposed to a normal user with access to a virtual machine. Once a user has access to the virtual machine in this state, they can gain access to the data on the CD-ROM by simply connecting the removable device. As another example, a normal user that has access to a virtual machine in the production network may accidentally or maliciously remove a virtual network adapter from the virtual machine, causing a denial of service. To prevent these things from happening, add the following option to the virtual machine's configuration file:

<device>.allowGuestConnectionControl = FALSE

where <device> is the name of a device specified in the configuration file, such as ethernet0.
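An added audit sketch for the option above (not code from the book or from VMware): it parses a .vmx file and lists the removable devices that are present but not locked with allowGuestConnectionControl = FALSE, then prints the lines to add. Comparing keys case-insensitively, the device families checked (ethernetN, floppyN, and ideN:M or scsiN:M whose deviceType names a CD-ROM) and treating a missing option as unlocked are assumptions; the sample configuration is constructed.

```python
"""Find removable devices in a .vmx file that guests can still (dis)connect."""
import re

# key = value, value optionally in double quotes; lines starting with # skipped
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"?(.*?)"?\s*$')
# Device names considered removable (assumption, see lead-in).
_REMOVABLE = re.compile(r'^(ethernet\d+|floppy\d+|(?:ide|scsi)\d+:\d+)$')
_SUFFIX = ".present"


def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate key wins."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def removable_devices(cfg):
    """Sorted device names that are present and guest-connectable."""
    found = []
    for key, value in cfg.items():
        if not key.endswith(_SUFFIX) or value.upper() != "TRUE":
            continue
        dev = key[:-len(_SUFFIX)]
        if not _REMOVABLE.match(dev):
            continue
        # On ide/scsi nodes only CD-ROM drives count; hard disks are skipped.
        if ":" in dev and "cdrom" not in cfg.get(dev + ".devicetype", "").lower():
            continue
        found.append(dev)
    return sorted(found)


def unlocked_devices(cfg):
    """Removable devices without allowGuestConnectionControl = FALSE."""
    return [dev for dev in removable_devices(cfg)
            if cfg.get(dev + ".allowguestconnectioncontrol", "").upper() != "FALSE"]


def lock_lines(cfg):
    """Configuration lines that would lock every unlocked device."""
    return [f"{dev}.allowGuestConnectionControl = FALSE"
            for dev in unlocked_devices(cfg)]


# Constructed sample configuration (not taken from a real host).
SAMPLE_VMX = '''
displayName = "W2K3-DC-01"
ethernet0.present = "TRUE"
ethernet0.allowGuestConnectionControl = FALSE
ethernet1.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-raw"
ide1:0.startConnected = "FALSE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "W2K3-DC-01.vmdk"
floppy0.present = "FALSE"
# ethernet2.present = "TRUE"
'''

if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    print("removable:", removable_devices(cfg))
    print("unlocked: ", unlocked_devices(cfg))
    for line in lock_lines(cfg):
        print("add:", line)
```

In the sample, the disconnected CD-ROM on ide1:0 is reported because a disconnected device can still be connected from inside the guest until the option is set.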

Summary

After the installation of VMware GSX Server is complete, the host server is ready to be configured for daily use. To help with that process, VMware provides two solutions to help configure and manage both the virtual machines and the host environment. Both solutions provide similar management and configuration features but offer them in a different way. One solution is a Web-based management tool called the VMware Management Interface. It provides additional resource monitoring information that can prove useful during troubleshooting and to help balance out the placement of new virtual machines. The other solution is a client-based management tool called the VMware Virtual Machine Console. In addition to providing management and configuration options, it also provides a KVM-like remote control feature to connect to, view, and interact with the virtual machine's desktop. Host configuration does not stop there. With the addition of virtualization, an already high network security level just got multiplied. Security has become a big concern, and with the ease at which a virtual machine is created and added into a network, more security initiatives need to take place. While there are ways to lock down and secure GSX Server and its virtual machines, it is important to remember that the old faithful security efforts for a physical server and environment still hold true in a virtual machine and a virtual environment.

Creating a VMware GSX Server Virtual Machine

Going beyond the basic installation and configuration of GSX Server, this chapter provides a step-by-step process for creating a virtual machine and installing its guest operating system on the GSX Server platform. The chapter stops short of going through an entire guest operating system install, instead focusing on the steps that lead up to and follow the operating system installation. Before a virtual machine is created, the virtual machine's configuration should undergo a process of proper preparation and a decision-making process to determine the use of the virtual machine. Once that is complete, the virtual machine is added through the creation of a configuration file. The configuration file is a collection of settings and resources that, when bound together, form the virtual execution environment. Once created, the final step is to power the virtual machine on and install the guest operating system.

Preparation

The first thing to do to prepare for the creation of a virtual machine is to determine the purpose or use of the virtual machine. It is important to properly size and scope the virtual machine before blindly creating its configuration. Additionally, proper planning is important when creating template images, rather than creating a department filled with time-consuming one-off images that totally negate one of the time-saving features of using virtualization. Below are sample questions that should be asked during the preparation stage; however, chapters 6 and 24 go into much further detail to help with this process.

What operating system is needed?

What applications need to be installed?

How much memory does this configuration require to operate smoothly?

How much disk space is needed?

What type of networking, if any, is required?

What other resources or devices are needed in this configuration?

Once the planning stage is complete, it is important to gather all of the software and hardware needed to create the virtual machine. A physical server with the proper hardware and enough resources available to run GSX Server and the virtual machine is needed. The operating system software (media and/or ISO images), application software, drivers (floppy disks, media or images) as well as any license keys all need to be accumulated for use during the creation process.

There are also many concerns that should be noted before attempting to start the virtual machine creation process.

Screen savers should be disabled on the host server before the guest operating system is installed.

Screen savers on the guest operating system may be too CPU intensive for the host server. In some cases, it may cause a Linux host server's X server to lock up and freeze.

Verify the operating system media or image is not an OEM copy that requires installation on specific hardware. If so, when the initialization process begins, the virtual hardware will not match the expected vendor hardware and the installation will fail.

As with physical servers, a separate operating system or application license is usually required for each virtual machine that gets an installation. Verify the software license agreement to make sure to stay in license compliance.

A guest operating system's hibernation feature is not supported and should not be used; instead, it should be disabled in favor of using the VMware suspend feature.

Microsoft's Activation policy can cause havoc when creating a template image or when making configuration changes to a virtual machine. Certain configuration changes may require reactivating the guest operating system. It is therefore best to either create the virtual machine in its final form with little to no changes made after the fact or to use volume license key media where activation is not required.

Migrating virtual machines from one host to the next that use a different type of processor may cause an issue. For example, Red Hat Linux 9.0 is sensitive to moving from AMD to Intel and vice versa because during installation a kernel is chosen that is optimized for that specific processor. The kernel may contain instruction sets that are only available for the original processor and may cause adverse effects when executed against a different processor type.

Once a process is in place, creating and provisioning virtual machines becomes a much easier operation.

Creating a Virtual Machine

GSX Server offers a number of ways to create a new virtual machine. They can be created by using the VMware Virtual Machine Console, the VMware Management Interface, VMware VirtualCenter, third-party management tools or even through the use of scripts. Each of these options basically accomplishes the same thing: they create a virtual machine configuration file, complete with the settings and resources needed to be a working virtual machine. This section will cover step-by-step instructions using the Virtual Machine Console method. To illustrate, the following steps can be used to create a new virtual machine using the New Virtual Machine Wizard option located in the console.

New Virtual Machine Wizard

To create a new virtual machine:

1. Launch the VMware Virtual Machine Console.

2. Select File > New Virtual Machine or, from the Home tab, click the New Virtual Machine icon, and the New Virtual Machine Wizard will start (see Figure 21.1). To navigate through the Wizard, Next and Back buttons are located at the bottom of the screen. If at any point an incorrect selection is made, click the Back button to navigate to the previous screen. Click Next to begin.

Figure 21.1 New Virtual Machine Configuration.

3. Select the appropriate configuration.

The Wizard then prompts for a virtual machine configuration method and offers two types: Typical and Custom. Selecting the Typical option will create a virtual machine with the most common devices and basic configuration options, while selecting the Custom option will create a virtual machine with additional devices and offer several more configuration screens. To gain better control over the creation of the virtual machine, click the Custom option and then click Next.

The custom option contains all of the screens found within the typical option in addition to more features and screens.

4. Select a guest operating system (see Figure 21.2).

Select the desired guest operating system that will be installed in the virtual machine. By selecting a radio button for the guest operating system family, different operating system versions are offered in a drop-down list. The Wizard will make default configuration choices based on the operating system selected. If the operating system of choice is not listed, select Other. For this example, Windows Server 2003 Standard Edition will be selected. Click Next to continue.

Figure 21.2 Select a Guest Operating System.

5. Name the virtual machine (see Figure 21.3).

The Wizard then prompts for the virtual machine name and the location to store the files that are associated with the virtual machine. By default, the virtual machine and its directory folder are named for the version of the operating system selected in the previous step. With proper planning, these names should be changed to something more appropriate to better identify the virtual machine or its function. For this example, a Windows Server 2003 domain controller will be created and appropriately named W2K3-DC-01. Click Next to continue.

Each virtual machine will have its own directory that stores all of its associated files such as the configuration file, the disk file(s) and the NVRAM file. By default, on a Windows host server, the virtual machine directory is located on Z:\Virtual Machines (where Z is the VMware install drive). On a Linux host server, the default virtual machine directory is /var/lib/vmware/Virtual Machines. For performance reasons, the default directory should be on a different local drive from the host operating system. To make that change in the console, select Host > Settings > General and select a new unique directory.

Figure 21.3 Create a Name for the Virtual Machine.

6. Set access rights (see Figure 21.4).

By default, the access rights to a newly created virtual machine are marked as private. When a virtual machine is marked as private, only the user that created the virtual machine can see it listed in the inventory listing. As an example, this feature is useful when creating template images. Until the guest operating system is finished being configured, no other user should have access to the virtual machine. Once completed, the permission can be changed to allow the virtual machine to show up in inventory for other users to view. Access rights can be changed at any time by selecting VM > Settings > Options > Permissions. For more information about permissions and security, see chapter 20. For now, leave the virtual machine marked as private and click Next.

Figure 21.4 Setting Access Rights.

7. Startup/Shutdown options (see Figure 21.5).

There are two choices to be made on this screen: choose the user account for running the virtual machine (Windows host only) and the host startup and shutdown options.

Under Virtual machine account on a Windows host server, select a user account for the virtual machine to use when it is powered on. This determines the network permissions from within the virtual machine and access to virtual machine resources on the network. There are three possible choices:

User that powers on the virtual machine—The virtual machine runs as the user account that powered it on. When other users connect to the virtual machine, it still runs as the user that initially powered it on. The user account lock on this virtual machine goes away when the virtual machine is powered off. It is important to make sure the virtual machine and its files are in a location that is accessible to that user.

Local system account—This option can only be enabled by an administrator. The reason is that, with this option activated, the virtual machine runs as the local system account (administrator). In general, it is not recommended to use the local system account; if compromised, it has unlimited access to the operating system resources. Additionally, it only has access to the local storage and cannot access files across the network.

This user—The virtual machine will run in the user context for the specified user account. A local user account or local administrator account can be used; however, it can also specify a fully qualified domain account that will allow access to virtual machine files spanning the network (as long as the proper security is assigned to the user account).

Figure 21.5 Modifying Startup/Shutdown Options.

Under Startup / Shutdown options on either a Windows host or a Linux host, select how the virtual machine's power state should be handled when the host server's power state changes. This option can only be enabled while the virtual machine is powered off and the virtual machine is configured to run as an administrator user. It is important to understand that if this feature is not activated and the host server is powered off, the virtual machines will not be gracefully powered down. Instead, it will be as if the plug was pulled from the wall. This option is also useful when boot order of the virtual machines on a host server is important. For example, perhaps a virtual machine acting as a domain controller needs to boot first, followed by a DHCP server, then an application server, etc. Setting this option will help facilitate that function.

For now, accept the default values and leave the selection as User that powers on the virtual machine. These options can be changed later by selecting VM > Settings > Options > Startup/Shutdown from the console.

After setting the virtual machines on a host server to automatically start up after the host boots and shut down when the host is shut down, you can also change the order in which it happens. In other words, you can stagger the power on and power down of virtual machines to control their boot order. Staggering the boot order can be important if the virtual machines have a dependency on one another (e.g., a database server may need to be powered on before an application server that has a dependency on a database being up and reachable). Once the configuration change has been made to shut down and start the virtual machines automatically, add the following option to the virtual machine's configuration file:

autostart.order = <n>

The value of <n> must be a multiple of 10, and it controls the order in which virtual machines start up and shut down. For example, the first virtual machine would have a value of 10, with the second virtual machine having a value of 20, the third a value of 30 and so on until the last virtual machine in the list is modified.

8. Memory for the Virtual Machine (see Figure 21.6).

The Wizard provides a guide to help identify the amount of RAM that should be allocated to the virtual machine. Based on the guest operating system selected earlier in the configuration process, the Wizard provides the minimum amount of memory recommended by the operating system manufacturer and a GSX Server recommended range from normal to maximum performance along with the total amount of memory available to all running virtual machines.

To change the amount of memory, the Wizard provides a sliding scale that can be moved left to right, a spin controller with selection arrows up and down, and an input field. Each of these can be used to allocate the appropriate amount of memory to the virtual machine. GSX Server requires that the memory configuration be entered in multiples of 4MB.

For this example, leave the GSX Server recommended value of 384MB. This is sufficient to install the operating system. It can later be modified to increase the amount of memory based on the usage of the virtual machine.

GSX Server currently has a maximum of 3.6GB of memory that can be allocated to any one virtual machine at a time. It also has a memory limit based on the file system storing the virtual machine disk files. If the virtual machine is stored on a FAT16 or FAT32 Windows file system, the 3.6GB maximum is lowered to 2000MB. Therefore, if your virtual machine will require more than 2000MB of memory, make sure the virtual machine is stored on a Windows NTFS file system.

Figure 21.6 Allocating Memory for the Virtual Machine.

9. Network type (see Figure 21.7).

Several networking options are offered: bridged, network address translation (NAT), host-only networking, or no networking. Bridged networking uses a virtual Ethernet adapter. It is used when the host server is on a network that has the ability to give separate IP addresses to the virtual machines (either manually or via DHCP) and host network or Internet access is required. If the host network does not have enough IP addresses to be distributed to the virtual machines and host network and Internet connectivity is required, NAT networking can be selected. If the only network access that is required is the virtual network and access to the host server, host-only networking can be selected. If there is no need for network connectivity of any kind, selecting Do not use a network connection is appropriate, although not as likely in a server virtualization platform such as GSX Server. For more details about VMware GSX Server networking configuration, see the Virtual Networking section in chapter 22.

For now, select Use bridged networking. This option can easily be changed once the virtual machine is created by selecting VM > Settings > Hardware, selecting the network adapter and then changing the network connection setting.

Figure 21.7 Select a Virtual Machine's Network Type.

10. Select I/O Adapter Types (see Figure 21.8).

Both an IDE and a SCSI adapter are by default added to the virtual machine. While the IDE adapter is always ATAPI, there are two SCSI adapter types to choose from: BusLogic and LSI Logic. Based on the guest operating system chosen in Step 4, GSX Server will select a default SCSI adapter. Most guest operating systems will default to BusLogic. However, newer operating systems such as Windows Server 2003 and Red Hat Enterprise Linux 3 default to the higher performing LSI Logic adapter. If the operating system does not have the appropriate driver for the adapter built-in, it must be downloaded. For more information on adapter types, read the section Virtual Hard Disk Drives in chapter 22.

Choosing a SCSI adapter in this step does not determine what type of hard disk will ultimately be attached to the virtual machine. The disk type will be determined in Step 12. Therefore in this example, take the default that matches the Windows Server 2003 guest operating system—LSI Logic.

Figure 21.8 Select I/O Adapter Types.

11. Select a Disk (see Figure 21.9).

This step allows the hard disk of the virtual machine to be selected. There are three options to choose from: create a new virtual disk, use an existing virtual disk or use a physical disk.

Figure 21.9 Select the Virtual Machine's Disk.

Create a new virtual disk—Select this option to create a new, unformatted virtual disk. The virtual disk will appear as a file with a VMDK extension. The attributes assigned to the disk file will be answered in the remaining steps.

Use an existing virtual disk—Select this option to attach a virtual disk file that was previously created. The virtual disk file may either be a previously used virtual hard disk or a template image. The Wizard will then ask for the location of the virtual disk. It can either be manually entered or the browse button can be used to navigate to the disk file.

Use a physical disk (for advanced users)—Select this option to install the guest operating system on a physical or RAW disk. Currently, GSX Server only supports booting from an IDE disk, although a SCSI disk can be added later as a secondary drive. If this option is selected, the Wizard presents a list of available hard drives on the host server and a decision must be made to either use the entire disk or a partition on the disk. VMware strongly cautions against using this feature. By selecting a physical disk, the virtual machine misses out on so many of the features that virtual disks bring to virtualization.

For this example, select Create a new virtual disk and click Next to continue.

12. Select a Disk Type (see Figure 21.10).

Select the disk type for the new virtual disk to be created, either IDE or SCSI. Once again, the Wizard will make a recommendation based on the guest operating system chosen for the virtual machine in Step 4.

For this example, keep the recommended disk type of SCSI and click Next.

Figure 21.10 Select a Disk Type (IDE or SCSI).

13. Specify Disk Capacity (see Figure 21.11).

This step helps define the sizing of the virtual hard disk. There are three selections that need to be made: sizing of the disk, the allocation of disk space and whether or not the disk file should be split out into multiple files.

Disk size (GB)—Enter the size of the virtual disk to be created. There are size limitations. The first limitation is the amount of free hard disk space on the physical disk where the virtual disk is being created. Virtual disk files themselves also have a size limitation. A virtual disk can be as small as 100MB and can be as large as 128GB when created as an IDE virtual disk and 256GB when created as a SCSI virtual disk. The default size is 4GB, which is an acceptable size for this example.

Allocate all disk space now—Select this option by activating the check box. The default setting is to allocate the full size of the virtual disk file when the virtual disk is created. By pre-allocating the disk space, a fixed disk is created that offers better performance for the virtual machine. However, disk space can be a commodity, and if the file is going to be backed up or moved around a lot, it makes sense to uncheck this option and allow the file to start small and grow as needed, thereby creating a dynamically expanding disk. Fixed disks and dynamically expanding disks are covered in detail in chapter 22. For this example, uncheck the check box and allow the system to create the disk file as a dynamically expanding disk.

Split disk into 2GB files—Selecting the checkbox will split the virtual disk into multiple 2GB files. By deselecting the checkbox (removing the checkmark), the virtual disk file will be created as one single VMDK file. If the file system storing the virtual disk file is a file system that does not support files larger than 2GB in size (such as FAT16), the checkbox should be selected to split the files out into files 2GB or smaller in size. For this example, deselect the checkbox and create the virtual disk file as a single file.

Figure 21.11 Specify Virtual Hard Disk Capacity.

14. Specify Disk File (see Figure 21.12).

Specify the name and location of the virtual machine's disk files. By default, GSX Server will automatically locate the disk file in the same path as the configuration file described in Step 5. It also defaults the disk file name to the guest operating system version selected in Step 4. For good housekeeping purposes, the disk file name should be changed to match the name of the registered virtual machine in Step 5. For this example, the virtual disk file should be named W2K3-DC-01.vmdk.

To specify which virtual device node should be used by the virtual disk or to use independent disk mode, click the Advanced button.

Figure 21.12 Specify Virtual Hard Disk File.

15. Specify Advanced Options (see Figure 21.13).

Specifying a disk mode adds another layer of complexity to a virtual disk but allows for certain special configurations to exist. One such example is to exclude one or more virtual disks from a virtual machine's snapshot. The following choices are available to an independent disk:

Persistent—Changes are immediately and permanently written to the disk.

Nonpersistent—Changes made to the virtual disk are discarded when the virtual machine is either powered off or reset.

For this example, do not select independent disk mode.

After reviewing the selections made, click the Finish button to complete the New Virtual Machine Wizard. Finally, GSX Server creates the virtual machine configuration file and the virtual disk file. The virtual machine is in a similar state to a brand new computer with a fresh boot drive added. A new hard drive needs to be formatted with a file system and then have an operating system installed on it. If the virtual machine is powered on before that happens, a message similar to that in Figure 21.14 may be shown.

Before the virtual machine can be used, the blank virtual hard disk must be partitioned and formatted, allowing a guest operating system to be installed. This is also the opportunity to make any modifications to the configuration file or add any additional virtual devices to the virtual machine. To do so, select VM > Settings and use either the Hardware or Options tab.

Figure 21.13 Specify Advanced Options.

Figure 21.14 Virtual Hard Disk without an Operating System.

If your host servers are configured with gigabit adapters and VMware Tools offers vmxnet driver support for your guest operating system, now is the perfect time to change the default vlance adapter to the higher performing vmxnet adapter. In a Windows virtual machine, once the guest operating system has completed its installation and added the vlance adapter through plug-and-play, it may become problematic to then change out the network adapter in favor of using vmxnet. Changing the adapter after the fact may cause an issue known as a ghosted network adapter, thereby causing TCP/IP problems for the virtual machine. When the configured vlance adapter is later replaced by the vmxnet adapter, the vlance adapter and its settings still reside in the Windows registry and it is hidden from the Device Manager; network troubleshooting can be difficult.

Once the virtual machine has been configured with the desired resources, it is time to power the virtual machine on and install the guest operating system.

Installing a Guest Operating System

Installing a guest operating system onto a virtual machine's hard drive is just like installing an operating system on a physical computer. The installer for the guest operating system has no knowledge that it is being installed onto a virtual machine. Any devices, peripherals, or resources assigned to the virtual machine will be recognized and configured as if they were assigned to a physical computer. The basic steps for a typical guest operating system installation include:

1. Launch the VMware Virtual Machine Console.

2. Verify all devices and resources are properly configured.

3. Attach the guest operating system media to the virtual machine.

4. Power on the virtual machine.

5. Follow the operating system installation instructions provided by the vendor.

GSX Server offers four convenient ways to attach or mount CD-ROM media to a virtual machine. It can be attached by inserting a physical CD/DVD-ROM into the physical host server's CD/DVD-ROM drive or into the client computer's CD/DVD-ROM drive or it can also be attached as an ISO image file located on the host server or remotely on a network server. To use the client's CD/DVD-ROM drive, the virtual machine must be connected via the VMware Virtual Machine Console on the client. This is a convenient way of remotely accessing CD/DVD-ROM material when access to the physical host server is impossible for security or logistic reasons. Using an ISO image rather than physical media is still probably going to be the preferred method of mounting CD/DVD-ROM media for a number of reasons:

ISO images have a faster access time than physical disc media.

They are quickly and more easily mounted to a virtual machine.

Physical access is no longer needed to a physical CD/DVD-ROM drive.

The information is on a DVD, but the host server and client machine only have a CD-ROM drive installed.

Physical media can become scratched or smudged, causing installation problems.

Acquiring physical media from those that control it in the organization can become bothersome.

Physical media often mysteriously disappears and its whereabouts can remain unknown.

To attach the media, open the virtual machine's settings editor (select VM > Settings) and then select the Hardware tab followed by the CD-ROM drive (see Figure 21.15). To attach physical media, select the Use physical drive radio button and then choose either Host or Client. To attach an ISO image, select the Use ISO image radio button and either type the full path and file name of the ISO image or click Browse and navigate to the ISO image file. Make sure the Device status has Connect at power on activated with a checkmark.

The next section provides more detailed steps on installing a Windows Server 2003 and a Red Hat Linux 9.0 guest operating system.

Figure 21.15 Attaching CD/ROM Media.

Installing a Windows Guest Operating System

GSX Server supports a wide array of Microsoft Windows operating systems

Continuing with the earlier example, a Windows Server 2003 Standard Edition

guest operating system installation will be detailed

1 Once the Windows Server 2003 media is mounted, power on the virtual

machine by clicking the Power On button

2 As long as the boot order in the BIOS has not been changed, the virtual

machine will boot from the CD-ROM media and the Windows tion begins If CD-ROM is not listed before hard disk, update the BIOS boot order to allow the virtual machine to boot off the CD-ROM me-dia

3 If the virtual disk drive was created as SCSI, a driver may need to be added

to the operating system installation Windows will prompt for any party SCSI or RAID drivers that need to be installed If SCSI was chosen,

third-a driver dependency exists bthird-ased on the SCSI third-adthird-apter type (BusLogic or LSI Logic) and the guest operating system chosen If the operating system does not have a built-in driver for the adapter, a fl oppy disk or fl oppy image containing the driver must be created When prompted, click F6 and attach the fl oppy media to the virtual machine When prompted for drivers, click S to specify a driver and then press <ENTER> once the fl oppy media is mounted Th e driver will then be installed during the SCSI and RAID driver installation section of the operating system

For this example, the virtual machine was created with a SCSI virtual disk and an LSI Logic SCSI adapter Windows Server 2003 contains a built-in driver for the LSI Logic controller, and therefore, does not need a third-party driver diskette

4. If the vlance network adapter was enabled, an AMD PC/NET Family Ethernet Adapter would be detected and set up automatically. In this example, the vmxnet network adapter was enabled. Since the operating system does not have a built-in driver for this network card, the device will not be configured until VMware Tools is installed and the vmxnet driver is added to the system.

5. Follow the installation steps according to the instructions on the screen, just as if the operating system were being installed on a physical server.

Until VMware Tools is installed on the virtual machine, the GSX Server console window does not use full mouse integration. Until the tools are installed, VMware uses a focus or mouse grab feature: clicking the mouse pointer inside the virtual machine window shifts the focus from the host operating system to the guest operating system. The mouse and keyboard are now active within the virtual machine window. To release focus, GSX Server uses a default key combination, CTRL+ALT. To regain focus within the virtual machine window, simply click the mouse pointer inside the window. The mouse grab will once again activate, and focus is retained inside of the virtual machine. Once VMware Tools is installed, full mouse integration is enabled and the mouse cursor can freely move outside of the virtual machine window by moving the mouse cursor to the host operating system without the need for the CTRL+ALT key combination.

When the Windows installation finishes and the virtual machine reboots, log on to the system with CTRL+ALT+INSERT: VMware remaps the CTRL+ALT+DELETE key combination to CTRL+ALT+INSERT. The key combination can also be passed to the virtual machine by using the menu system in the console, selecting VM > Send Ctrl+Alt+Del.

After the guest operating system installation is completed, VMware Tools should immediately be installed. To learn more about VMware Tools, see chapter 22.

VMware Tools for a Windows Installation

VMware Tools supports all Windows guest operating systems. The detailed steps for installing VMware Tools vary from one version of Windows to the next. The installation procedures listed below will follow along with the previous example of a Windows Server 2003 Standard Edition guest operating system. To install VMware Tools, follow these steps:

1. After the virtual machine is powered on, log on to the virtual machine as an administrator.

2. Once the guest operating system has settled down, click VM > Install VMware Tools. The system prompts with a warning message stating the guest operating system must be running to continue. Since the virtual machine is powered on and an administrator account is logged in, click Install to continue.

3. If autorun is not enabled in the guest operating system, the VMware Tools installer must be launched manually. Click Start > Run and enter D:\setup\setup.exe (where D: is the drive letter of the first virtual CD-ROM drive). The InstallShield Wizard launches the application and the VMware Tools welcome page appears. Click Next to begin the tools installation.

You do not need a physical CD-ROM drive or physical media to install VMware Tools. The tools are supplied by VMware and are located on an ISO image that is copied to the host server during the GSX Server installation. When VMware Tools is installed, the ISO image is automatically mounted to the virtual machine. Once the tools installation is complete, the ISO image will unmount itself from the virtual CD-ROM drive, which then returns to its previous state.

4. The Setup Type dialog box appears and offers three installation choices: Typical, Complete and Custom.

Typical: A typical installation only installs the features that are used by VMware GSX Server. Unless the virtual machine image is going to be shared with a Workstation environment, the typical installation method is an appropriate choice.

Complete: A complete installation installs all program features. The complete installation should be selected if the virtual machine is going to be shared with a Workstation environment. The install adds features that are supported in other platforms, but not GSX Server.

Custom: A custom installation gives control over which individual features are installed and where they are installed. The installer can always be run again at a later time to add or remove individual features.

In this example, select the Typical installation and click Next to continue.

5. The Wizard is now ready to begin installation. This is the last opportunity to make any changes to the VMware Tools installation. To make changes, click Back until the dialog screen appears where changes are needed. If no changes are necessary, click Install to begin the installation.

6. The installer begins copying files. When the installer begins to install the virtual drivers, one or more Digital Signature Not Found dialog boxes may appear. The virtual drivers are safe to install, and the dialog can be safely allowed to continue.

7. After the installer finishes installing the drivers, a second dialog box appears, warning that hardware acceleration may not be enabled in the virtual machine. To increase mouse and video performance, hardware acceleration should be enabled. Click Yes. The installer will open the Display Properties window. From the Settings tab, select Advanced > Troubleshoot, slide the Hardware acceleration slider bar to Full, and then apply the change.

8. Once the installation Wizard has completed the install, click Finish to exit the Wizard. To initialize any new drivers that have been installed, the virtual machine should be rebooted.

The installation of VMware Tools in a virtual machine is a one-time event. After the installation, the enhanced drivers and features that were added will be used by the guest operating system just like any other driver updates performed on a physical server. VMware Tools should be installed in every individual virtual machine as well as any template images that may be created. It is possible for new, updated versions of VMware Tools to get released. If that happens, the tools can be removed, added or upgraded like many other Windows applications.

Installing a Linux Guest Operating System

GSX Server supports a wide array of Linux operating systems. For this example, a Red Hat Linux 9.0 guest operating system installation will be detailed.

1. Once the Red Hat Linux 9.0 media is mounted, power on the virtual machine by clicking the Power On button.

2. As long as the boot order in the BIOS has not been changed, the virtual machine will boot from the CD-ROM media and the Red Hat installation begins. If CD-ROM is not listed before hard disk, update the BIOS boot order to allow the virtual machine to boot off the CD-ROM media. Red Hat Linux 9.0 needs to be installed using the text mode installer. Figure 21.16 shows the installation choices that are available once the Red Hat Linux 9.0 CD-ROM boots. Choose the text mode installer by typing linux text and then press <ENTER>.

Figure 21.16 Red Hat 9.0 Installation Choices.

3. Follow the installation steps according to the instructions on the screen, just as if the operating system were being installed on a physical server. To ensure a successful installation, follow the choices outlined in the following steps.

4. Choose the language that should be used during the installation process. Then choose the model of keyboard that is attached to the host server. In this example, the English language was selected and US was chosen as the keyboard selection.

5. The next screen is the Mouse Selection screen. The two best selections here are Generic - 3 Button Mouse (PS/2) (select Emulate 3 Buttons for three-button mouse support in the virtual machine) or Generic Wheel Mouse (PS/2) (if a wheel mouse is connected). In this example, a generic wheel mouse is selected.

6. For Installation Type, choose either Workstation or Server. This is a high-level detail as to what types of software will be installed on the virtual machine. A more fine-grained packaging selection comes later in the install. For this example, Server is selected.

7. A warning message may appear stating the partition table is unreadable, as shown in Figure 21.17. It simply means that the virtual hard drive needs to be partitioned and formatted before the installation can take place. Select Yes to initialize and erase all the data on the virtual hard drive. It does not affect the physical hard disk on the host server.

Figure 21.17 Warning to Partition and Format the Virtual Hard Disk.

8. If the virtual machine was configured with a network configuration, LAN settings can be configured in the Network Configuration screen. Either bootp/dhcp can be selected to allow DHCP to automatically assign TCP/IP settings or the networking settings can be manually entered.

9. In the Video Card Configuration screen (see Figure 21.18), select the Skip X Configuration option.

After the guest operating system installation is completed, VMware Tools should immediately be installed. To learn more about VMware Tools, see chapter 22.

VMware Tools for a Linux Installation

VMware Tools supports many different flavors or versions of the Linux guest operating system. The detailed steps for installing VMware Tools can vary from one flavor of Linux to the next. The installation procedures listed below will follow along with the example of a Red Hat Linux 9.0 guest operating system. To install VMware Tools, follow these steps:

1. After the virtual machine is powered on, log in to the virtual machine as root.

2. Once the guest operating system has settled down, click VM > Install VMware Tools. The system prompts with a warning message stating the guest operating system must be running to continue. Since the virtual machine is powered on and the root account is logged in, click Install to continue.

Figure 21.18 Video Card Confi guration Option.

VMware Tools for a Linux guest operating system must be executed while the system is running in text mode. You cannot install VMware Tools from a terminal in a GUI X session. If your virtual machine boots to an X server automatically, you can switch to a text workspace by using the default keys: press CTRL+ALT+SPACEBAR, release the SPACEBAR, and press the function key (for example, F2) for the workspace you want to use.

3. As root, mount the VMware Tools ISO image, uncompress the installer while in the /tmp directory and then unmount the ISO image. In keeping with the example, the following steps are performed on a Red Hat Linux 9.0 installation (the commands should be modified to follow the conventions used for other Linux flavors):

    mount /dev/cdrom /mnt                     # mount the Tools ISO on /mnt
    cd /tmp
    tar zxf /mnt/vmware-linux-tools.tar.gz    # unpacks to /tmp/vmware-tools-distrib
    umount /mnt

You do not need a physical CD-ROM drive or physical media to install VMware Tools. The tools are supplied by VMware and are located on an ISO image that is copied to the host server during the GSX Server installation.

4. The VMware Tools installer is uncompressed to the vmware-tools-distrib folder. Change to that folder and run the installer.

    cd vmware-tools-distrib
    ./vmware-install.pl

5. The installer then prompts about default directories. In this example, accept the default directories by responding Yes to each question.

6. Once the final directory is accepted, the VMware Tools configuration program should be executed. The system may ask about running the configuration program /usr/bin/vmware-config-tools.pl. It may prompt: Do you want this program to invoke the command for you now? If so, select Yes to allow the configuration program to execute. Otherwise, run the configuration program manually by entering:

    ./vmware-config-tools.pl

7. To change the virtual machine's display resolution, select the number that corresponds to the desired resolution.

8. The configuration is complete. Log out of the root account.

9. Start X window to launch the graphical environment.

10. In a terminal session, launch the VMware Toolbox by executing the following command:

    vmware-toolbox &
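The unpack step from steps 3 and 4, as an added example that is not from the book: the tarball is extracted as root into a private directory created with mktemp rather than directly into the shared /tmp, after a check that no archive member uses an absolute path or a `..` component. The function names are assumptions; the tarball and installer names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the book). Function names are assumptions.

# Return 0 only if no archive member is absolute or contains a ".." component.
check_members() {
    tar tzf "$1" | awk '
        /^\//               { bad = 1 }
        /(^|\/)\.\.(\/|$)/  { bad = 1 }
        END                 { exit bad + 0 }'
}

# Unpack the Tools tarball into a fresh owner-only directory and print its path.
safe_unpack() {
    tarball=$1
    if ! check_members "$tarball"; then
        echo "refusing $tarball: unsafe member names" >&2
        return 1
    fi
    # mktemp -d creates a new, unpredictable directory, so nothing can be
    # placed in the extraction path beforehand by another local account.
    dest=$(mktemp -d "${TMPDIR:-/tmp}/vmtools.XXXXXX") || return 1
    chmod 700 "$dest"
    if ! tar xzf "$tarball" -C "$dest" --no-same-owner; then
        rm -rf "$dest"
        return 1
    fi
    # The installer named in step 4 must be a regular file, not a link.
    if [ ! -f "$dest/vmware-tools-distrib/vmware-install.pl" ] ||
       [ -L "$dest/vmware-tools-distrib/vmware-install.pl" ]; then
        rm -rf "$dest"
        return 1
    fi
    printf '%s\n' "$dest"
}

# Usage on the guest, as root, after "mount /dev/cdrom /mnt":
#   dir=$(safe_unpack /mnt/vmware-linux-tools.tar.gz) && umount /mnt
#   cd "$dir/vmware-tools-distrib" && ./vmware-install.pl
```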

Date posted: 08/08/2014, 21:21
